Effective as of November 16, 2022

At SRO Software Limited, we process your personal data in accordance with applicable privacy laws and this Privacy Policy explains what information we collect about you, how we process, store and use it, with whom we share it, and what rights you have.

We have implemented various technical and organizational measures to comply with applicable legislation related to the processing of personal data, data security, and privacy in countries where we operate or where the applicable law applies to us.

This Privacy Policy sets forth the basic rules and principles according to which we process your personal data and mentions our responsibilities while processing your personal data according to the transparency obligations. We do not intend to collect personal data of children or persons under the age of 16 (sixteen) years old.

Our Privacy Policy covers our policy regarding the processing of all the personal data that you submit to us or that we obtain from you or authorised third parties when you use our websites (,, Apple App Store application, or Google Play application, and all other related services available on or through our website and applications for the spend management solutions; spend control, data analysis, data reporting (collectively, the “Services”).

1. Contact Information

If you have any questions about the Privacy Policy, your personal data, or you would like to exercise any of your privacy rights, please use the following contact information:

2. Legal grounds for the processing of personal data

Any operation related to the processing of personal data must have a legal basis for the processing. We collect any data only on the lawful ground and only data that is necessary to provide our Services to you. We use the main four grounds to process your personal data: consent, contract, legal obligation, and legitimate interests.

Applicable laws have other legal grounds for the processing and when they are applicable, we will use such grounds to process the personal data.

3. What information do we process and collect?

We process the following categories of information:

3.1. Information You Give Us

3.2. Information We Collect When You Use Our Services

3.3. Information Provided through Us to Third Party

We integrate the functionality of third-party partners. Depending on the integrations, our partners may collect the following types of information:

Transaction information. Bank account details.

Additional information. The information provided to our support team, public social networking posts, and other data collected via cookies and similar technologies.

3.4. Other Information

We receive pseudonymized information from third parties like advertising networks or analytics providers. 

4. How do we get the personal data and why do we have it?

We will only process information that is necessary for the purpose for which it has been collected. 

4.1. Consent rules and related purposes

Where you have provided your consent, we may use and process your information to contact you about offers, promotions, events, services, or information which we think will be of interest to you. We also process personal data we obtain from optional cookies that we set on the Services based on your consent. In case the legal basis is consent, you can withdraw your consent at any time by contacting us. 

If you do withdraw your consent, and if we do not have another legal basis for the processing of your data, then we will stop the processing of your personal data and will delete it in specific situations, including in case you request the deletion of your personal data and we are obliged to delete your personal data according to the applicable law.

If we have another legal basis for the processing of your data, then we will continue to do so, subject to your legal interests and rights.

4.2. Contract rules and related purposes

We use and process your personal data where this is necessary to perform a contract or the terms of service with you and to fulfill and complete your transactions entered into with us or provide the Services.

4.3. Legitimate interests’ rules and related purposes

We use and process your personal data as set out below where it is necessary for us to carry out activities for which it is in our legitimate interests as a business to do so.

Users support: to respond to correspondence you send to us and fulfill the requests you make to us.

Promotion of our business: to contact you with marketing information in certain cases; to contact you with targeted advertising delivered online through social media, search engines, third-party websites or apps and applications, and other platforms operated by other companies unless you object or such activity requires your consent. 

Communication with you: to communicate with you including to respond to queries, complaints, or claims and to manage legal and regulatory requests and requirements; to enforce or protect our legal rights or to establish, bring or defend legal claims.

Administrative and technical aspects: for network and information security purposes; to comply with a request from you in connection with the exercise of your rights; to inform you of updates to our terms and policies; for cookies that are essential to function properly.

Analytics: to evaluate user behavior, including understanding the effectiveness of existing product features, planning new features, or measuring audience size or characteristics

Preventing fraud, illegal activity, or any violation of the terms of service or Privacy Policy: We may disable access to the Services, erase or correct personal data in some cases of fraud, illegal activity, or any violation of the terms of service or Privacy Policy.

4.4. Legal obligation’ rules and related purposes

We will process your personal data to comply with our legal or regulatory requirements.

5. How do we process personal data?

We share your data with our contractors provided these third parties assume confidentiality obligations regarding your personal data and have sufficient and appropriate safeguards for data protection.

5.1. Disclosure of personal data

In some circumstances, we may disclose or transfer your personal data to the following third parties:

5.2. Sharing of personal data

We share information for the following purposes:

5.3. Purposes of the processing of personal data

We process personal data for the following main purposes:

6. How do we store your personal data?

The servers where we store your personal data are provided by HubSpot (privacy policy: and Data Processing Agreement:; Heroku, a Salesforce company (privacy policy: and Data Processing Agreement:; Amazon Web Services (privacy policy: and Data Processing Agreement:

7. Data Retention Periods

We will keep your personal data for as long as it is necessary for the purposes set out in this Privacy Policy.

We keep information that we need to resolve any disputes, enforce our contracts, agreements, and terms with you and provide you with the possibility to use our Services, protect legal rights, and comply with technical and legal requirements and constraints related to the security and operation of our Services for as long as it is reasonably necessary or required.

Otherwise, we may delete information when it is no anymore reasonably necessary to keep it to provide you the Services, comply with applicable laws and regulations, and run our business.

8. How do we keep your information safe?

We have implemented appropriate technical, procedural, and organizational security measures designed to protect the security of any personal data we process. We regularly monitor our systems for possible vulnerabilities and attacks. Your information is stored on secure servers. We restrict access to your personal data to those employees who are trained and instructed, have a business reason to access, and have professional skills allowing them to work with your personal data. Access control and encryption are the key technologies for protecting your data.

Additionally, data passing over networks, including the Internet, are encrypted with HTTPS, security audits, and other technologies. In addition, data is encrypted when it is stored or “at rest” within servers and hard drives as well.

However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet and information storage technology cannot be guaranteed to be 100% secure, so we cannot promise and guarantee that hackers, criminals, or unauthorized third parties will not be able to defeat our security, and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal data, the transmission of personal data to and from our Services is at your own risk. You should only access the Services within a secure environment.

9. Your data protection rights

You can exercise the following rights by contacting us.

You have the right to access information about you, especially:

The right to access information may be performed only by you or your legal representative. In case you request the right to access information via a legal representative, you have to provide proof of whether such a person may represent you.

You have the right to make us correct any inaccurate personal data about you.

You can object to using your personal data for profiling or making automated decisions about you. We may use your data to determine whether we should let you know the information that might be relevant to you.

You have the right to restrict processing – You have the right to ask us to restrict the processing of your personal data in certain circumstances.

You have the right to the data portability of your data to another service or website. We will give you a copy of your data in a readable format so that you can provide it to another service. If you ask us and it is technically possible, we will directly transfer the data to the other service for you.

You have the right to be “forgotten”. You may ask to erase any personal data about you if it is no longer necessary for us to store the data or in other certain circumstances. We will also deactivate your account. Please, note, that we cannot restore permanently deleted accounts or personal data.

You have the right to lodge a complaint about the use of your data by us. You can address a complaint to your national regulator (the list of some regulators is accessible via

Once we receive any of your requests we will consider and decide on it within one month unless there is a justified requirement to provide such information faster. This term may be extended according to the applicable law.

We may request specific information from you to confirm your identity when necessary and reasonable. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

You do not need to pay a fee to access information or other rights but we may charge a reasonable fee if your request is unfounded, repetitive, or excessive, or refuse to comply with your request in these circumstances.

10. Children’s Privacy

We kindly remind you that our Services are not intended for use by children under 16 years of age according to the terms of service. We do not knowingly collect or process any personal data from or with respect to children. If we become aware that we have collected personal data on behalf of a person under the age of 16, we will delete this information when we become aware of it. On our side, we will block or restrict the child from accessing our Services or obtain consent from parents for the collection, use, and sharing of their children’s personal data. If you have any reason to believe that we have collected such personal data, please, inform us immediately.

11. Cookies

A cookie is a small piece of data that is stored on your computer or mobile device. We use cookies and similar technologies to collect additional Services usage data and to operate our Services. Our Services use cookies to distinguish you from other users. This helps us to provide you with a good experience and allows us to improve our Services.

We collect, process, and analyze data regarding the use of our Services using third-party services provided by Google Analytics, Drip, Facebook, AdRoll, and Shopify. Traffic data is data connected to visitors on the web page and data handled in communication fields for sending, distributing, or making messages available. 

You can set or amend your web browser controls to accept or reject cookies. Alternatively, you may wish to visit, which contains comprehensive information on how to do this on a wide variety of browsers. 

If you choose to reject cookies, you will still use our Services, however, your access to some functionality and areas of our Services may be restricted. 

For more information, you may contact us.

12. Third-Party Services

Our Services contain links to third-party services. If you click on those links, you will leave our Service. As we do not operate those sites, applications, and services, we cannot take responsibility for the privacy practices of the entities that operate them. We recommend that you consistently check the privacy policies of every website. As a kind reminder, our Privacy Policy concerns only our Services.

13. Transfer of Your Personal Data

Some of our third parties are located outside the EU/EEA. We have signed data processing agreements and standard contractual clauses with supplementary measures to transfer your personal data outside the EU/EEA. For more information, you may contact us.

14. Changes to Our Privacy Policy

We will update this Privacy Policy from time to time, please review it frequently. We will notify you of changes by a notice on our home page or, where appropriate, by email.

15. How do you make a complaint?

If you have any concerns about our use of your personal data, you can write to us via the contact information.

If you are a resident of the European Economic Area and you believe we are unlawfully using your personal data, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here: